Blame SOURCES/scap-security-guide-0.1.50-removable_media_PR_5278.patch

dac76a
diff --git a/docs/manual/developer_guide.adoc b/docs/manual/developer_guide.adoc
dac76a
index 76c1c10218..d2b94207d4 100644
dac76a
--- a/docs/manual/developer_guide.adoc
dac76a
+++ b/docs/manual/developer_guide.adoc
dac76a
@@ -1555,12 +1555,9 @@ mount_option_remote_filesystems::
dac76a
 * Languages: Ansible, Bash, OVAL
dac76a
 
dac76a
 mount_option_removable_partitions::
dac76a
-* Checks if all removable media mounts are mounted with a specific option.
dac76a
+* Checks if all removable media mounts are mounted with a specific option. Unlike other mount option templates, this template doesn't use the mount point, but the block device. The block device path (eg. `/dev/cdrom`) is always set to `var_removable_partition`. This is an XCCDF Value, defined in `link:{rootdir}/linux_os/guide/system/permissions/partitions/var_removable_partition.var[var_removable_partition.var]`
dac76a
 * Parameters:
dac76a
-** *mountpoint* - always set to `var_removable_partition`. This is an XCCDF Value, defined in `link:{rootdir}/linux_os/guide/system/permissions/partitions/var_removable_partition.var[var_removable_partition.var]`
dac76a
 ** *mountoption* - mount option, eg. `nodev`
dac76a
-** *filesystem* - filesystem of new mount point (used when adding new entry in `/etc/fstab`), eg. `tmpfs`. Used only in Bash remediation.
dac76a
-** *mount_has_to_exist* - Used only in Bash remediation. Specifies if the *mountpoint* entry has to exist in `/etc/fstab` before the remediation is executed. If set to `yes` and the *mountpoint* entry is not present in `/etc/fstab` the Bash remediation terminates. If set to `no` the *mountpoint* entry will be created in `/etc/fstab`.
dac76a
 * Languages: Anaconda, Ansible, Bash, OVAL
dac76a
 
dac76a
 package_installed::
dac76a
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_nodev_removable_partitions/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_nodev_removable_partitions/rule.yml
dac76a
index 7fd5237f1d..ef3fed7bac 100644
dac76a
--- a/linux_os/guide/system/permissions/partitions/mount_option_nodev_removable_partitions/rule.yml
dac76a
+++ b/linux_os/guide/system/permissions/partitions/mount_option_nodev_removable_partitions/rule.yml
dac76a
@@ -39,8 +39,6 @@ platform: machine
dac76a
 template:
dac76a
     name: mount_option_removable_partitions
dac76a
     vars:
dac76a
-        mount_has_to_exist: 'yes'
dac76a
         mountoption: nodev
dac76a
-        mountpoint: var_removable_partition
dac76a
     backends:
dac76a
         anaconda: 'off'
dac76a
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/rule.yml
dac76a
index 0cff560310..b95e2394a7 100644
dac76a
--- a/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/rule.yml
dac76a
+++ b/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/rule.yml
dac76a
@@ -47,8 +47,6 @@ platform: machine
dac76a
 template:
dac76a
     name: mount_option_removable_partitions
dac76a
     vars:
dac76a
-        mount_has_to_exist: 'yes'
dac76a
         mountoption: noexec
dac76a
-        mountpoint: var_removable_partition
dac76a
     backends:
dac76a
         anaconda: 'off'
dac76a
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/tests/cd_bad_opts.fail.sh b/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/tests/cd_bad_opts.fail.sh
dac76a
new file mode 100644
dac76a
index 0000000000..10fd6cdad0
dac76a
--- /dev/null
dac76a
+++ b/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/tests/cd_bad_opts.fail.sh
dac76a
@@ -0,0 +1,4 @@
dac76a
+#!/bin/bash
dac76a
+
dac76a
+touch /dev/cdrom
dac76a
+echo "/dev/cdrom /var/cdrom iso9660 ro 0 0" > /etc/fstab
dac76a
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/tests/cd_good_opts.pass.sh b/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/tests/cd_good_opts.pass.sh
dac76a
new file mode 100644
dac76a
index 0000000000..ae33d8312a
dac76a
--- /dev/null
dac76a
+++ b/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/tests/cd_good_opts.pass.sh
dac76a
@@ -0,0 +1,4 @@
dac76a
+#!/bin/bash
dac76a
+
dac76a
+touch /dev/cdrom
dac76a
+echo "/dev/cdrom /var/cdrom iso9660 noexec 0 0" > /etc/fstab
dac76a
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/tests/cd_multiple_opts.fail.sh b/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/tests/cd_multiple_opts.fail.sh
dac76a
new file mode 100644
dac76a
index 0000000000..a68453097d
dac76a
--- /dev/null
dac76a
+++ b/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/tests/cd_multiple_opts.fail.sh
dac76a
@@ -0,0 +1,4 @@
dac76a
+#!/bin/bash
dac76a
+
dac76a
+touch /dev/cdrom
dac76a
+echo "/dev/cdrom /media/cdrom iso9660 ro,noauto,nosuid,nodev,defaults 0 0" >> /etc/fstab
dac76a
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/tests/cd_multiple_opts.pass.sh b/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/tests/cd_multiple_opts.pass.sh
dac76a
new file mode 100644
dac76a
index 0000000000..472a5e0578
dac76a
--- /dev/null
dac76a
+++ b/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/tests/cd_multiple_opts.pass.sh
dac76a
@@ -0,0 +1,4 @@
dac76a
+#!/bin/bash
dac76a
+
dac76a
+touch /dev/cdrom
dac76a
+echo "/dev/cdrom /media/cdrom iso9660 ro,noauto,nosuid,noexec,nodev 0 0" >> /etc/fstab
dac76a
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/tests/cd_multiple_opts_first.pass.sh b/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/tests/cd_multiple_opts_first.pass.sh
dac76a
new file mode 100644
dac76a
index 0000000000..ab2815f713
dac76a
--- /dev/null
dac76a
+++ b/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/tests/cd_multiple_opts_first.pass.sh
dac76a
@@ -0,0 +1,4 @@
dac76a
+#!/bin/bash
dac76a
+
dac76a
+touch /dev/cdrom
dac76a
+echo "/dev/cdrom /media/cdrom iso9660 noexec,ro,noauto,nosuid,nodev 0 0" >> /etc/fstab
dac76a
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/tests/cd_multiple_opts_last.pass.sh b/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/tests/cd_multiple_opts_last.pass.sh
dac76a
new file mode 100644
dac76a
index 0000000000..5316c7c319
dac76a
--- /dev/null
dac76a
+++ b/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/tests/cd_multiple_opts_last.pass.sh
dac76a
@@ -0,0 +1,4 @@
dac76a
+#!/bin/bash
dac76a
+
dac76a
+touch /dev/cdrom
dac76a
+echo "/dev/cdrom /media/cdrom iso9660 ro,noauto,nosuid,nodev,noexec 0 0" >> /etc/fstab
dac76a
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/tests/dvd_bad_opts.fail.sh b/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/tests/dvd_bad_opts.fail.sh
dac76a
deleted file mode 100644
dac76a
index 96540c9f34..0000000000
dac76a
--- a/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/tests/dvd_bad_opts.fail.sh
dac76a
+++ /dev/null
dac76a
@@ -1,8 +0,0 @@
dac76a
-#!/bin/bash
dac76a
-#
dac76a
-# profiles = xccdf_org.ssgproject.content_profile_C2S
dac76a
-
dac76a
-. $SHARED/removable_partitions.sh
dac76a
-
dac76a
-touch /dev/dvd
dac76a
-dvdrom_fstab_line > /etc/fstab
dac76a
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/tests/dvd_good_opts.pass.sh b/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/tests/dvd_good_opts.pass.sh
dac76a
deleted file mode 100644
dac76a
index 1f29c61f23..0000000000
dac76a
--- a/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/tests/dvd_good_opts.pass.sh
dac76a
+++ /dev/null
dac76a
@@ -1,8 +0,0 @@
dac76a
-#!/bin/bash
dac76a
-#
dac76a
-# profiles = xccdf_org.ssgproject.content_profile_C2S
dac76a
-
dac76a
-. $SHARED/removable_partitions.sh
dac76a
-
dac76a
-touch /dev/dvd
dac76a
-dvdrom_fstab_line noexec > /etc/fstab
dac76a
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/tests/no_partitions.pass.sh b/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/tests/no_partitions.pass.sh
dac76a
index 9f348f24c2..cb39b089ec 100644
dac76a
--- a/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/tests/no_partitions.pass.sh
dac76a
+++ b/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/tests/no_partitions.pass.sh
dac76a
@@ -1,6 +1,7 @@
dac76a
 #!/bin/bash
dac76a
-#
dac76a
-# profiles = xccdf_org.ssgproject.content_profile_C2S
dac76a
+
dac76a
+# Regression test for rhbz#1403905
dac76a
+# The rule should pass if there is no removable media entry in /etc/fstab
dac76a
 
dac76a
 touch /dev/cdrom
dac76a
 echo "" > /etc/fstab
dac76a
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_nosuid_removable_partitions/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_nosuid_removable_partitions/rule.yml
dac76a
index 1ec828b015..b77c48a295 100644
dac76a
--- a/linux_os/guide/system/permissions/partitions/mount_option_nosuid_removable_partitions/rule.yml
dac76a
+++ b/linux_os/guide/system/permissions/partitions/mount_option_nosuid_removable_partitions/rule.yml
dac76a
@@ -41,8 +41,6 @@ platform: machine
dac76a
 template:
dac76a
     name: mount_option_removable_partitions
dac76a
     vars:
dac76a
-        mount_has_to_exist: 'yes'
dac76a
         mountoption: nosuid
dac76a
-        mountpoint: var_removable_partition
dac76a
     backends:
dac76a
         anaconda: 'off'
dac76a
diff --git a/shared/templates/template_ANACONDA_mount_option_removable_partitions b/shared/templates/template_ANACONDA_mount_option_removable_partitions
dac76a
index 8092f6648a..b4510ae804 100644
dac76a
--- a/shared/templates/template_ANACONDA_mount_option_removable_partitions
dac76a
+++ b/shared/templates/template_ANACONDA_mount_option_removable_partitions
dac76a
@@ -4,4 +4,4 @@
dac76a
 # complexity = low
dac76a
 # disruption = high
dac76a
 
dac76a
-part (anaconda-populate {{{ MOUNTPOINT }}}) --mountoptions="{{{ MOUNTOPTION }}}"
dac76a
+part (anaconda-populate var_removable_partition) --mountoptions="{{{ MOUNTOPTION }}}"
dac76a
diff --git a/shared/templates/template_ANSIBLE_mount_option_removable_partitions b/shared/templates/template_ANSIBLE_mount_option_removable_partitions
dac76a
index aafce84762..374499261d 100644
dac76a
--- a/shared/templates/template_ANSIBLE_mount_option_removable_partitions
dac76a
+++ b/shared/templates/template_ANSIBLE_mount_option_removable_partitions
dac76a
@@ -3,31 +3,11 @@
dac76a
 # strategy = configure
dac76a
 # complexity = low
dac76a
 # disruption = high
dac76a
-- (xccdf-var {{{ MOUNTPOINT }}})
dac76a
+- (xccdf-var var_removable_partition)
dac76a
 
dac76a
-- name: get back mount information associated to mountpoint
dac76a
-  command: findmnt --fstab '{{ {{{ MOUNTPOINT }}} }}'
dac76a
-  register: device_name
dac76a
-  failed_when: device_name.rc > 1
dac76a
-  changed_when: False
dac76a
-
dac76a
-- name: create mount_info dictionary variable
dac76a
-  set_fact:
dac76a
-    mount_info: "{{ mount_info|default({})|combine({item.0: item.1}) }}"
dac76a
-  with_together:
dac76a
-    - "{{ device_name.stdout_lines[0].split() | list | lower }}"
dac76a
-    - "{{ device_name.stdout_lines[1].split() | list }}"
dac76a
-  when:
dac76a
-    - device_name.stdout is defined and device_name.stdout_lines is defined
dac76a
-    - (device_name.stdout | length > 0)
dac76a
-
dac76a
-- name: Ensure permission {{{ MOUNTOPTION }}} are set on {{{ MOUNTPOINT }}}
dac76a
-  mount:
dac76a
-    path: "{{ {{{ MOUNTPOINT }}} }}"
dac76a
-    src: "{{ mount_info.source }}"
dac76a
-    opts: "{{ mount_info.options }},{{{ MOUNTOPTION }}}"
dac76a
-    state: "mounted"
dac76a
-    fstype: "{{ mount_info.fstype }}"
dac76a
-  when:
dac76a
-    - device_name.stdout is defined
dac76a
-    - (device_name.stdout | length > 0)
dac76a
+- name: Ensure permission {{{ MOUNTOPTION }}} are set on var_removable_partition
dac76a
+  lineinfile:
dac76a
+    path: /etc/fstab
dac76a
+    regexp: '^\s*({{ var_removable_partition }})\s+([^\s]*)\s+([^\s]*)\s+([^\s]*)(.*)$'
dac76a
+    backrefs: yes
dac76a
+    line: '\1 \2 \3 \4,{{{ MOUNTOPTION }}} \5'
dac76a
diff --git a/shared/templates/template_BASH_mount_option_removable_partitions b/shared/templates/template_BASH_mount_option_removable_partitions
dac76a
index dad2c8b718..5293bffc1a 100644
dac76a
--- a/shared/templates/template_BASH_mount_option_removable_partitions
dac76a
+++ b/shared/templates/template_BASH_mount_option_removable_partitions
dac76a
@@ -4,19 +4,15 @@
dac76a
 # Include source function library.
dac76a
 . /usr/share/scap-security-guide/remediation_functions
dac76a
 
dac76a
-populate {{{ MOUNTPOINT }}}
dac76a
+populate var_removable_partition
dac76a
 
dac76a
-include_mount_options_functions
dac76a
+device_regex="^\s*$var_removable_partition\s\+"
dac76a
+mount_option="{{{ MOUNTOPTION }}}"
dac76a
 
dac76a
-function perform_remediation {
dac76a
-	# test "$mount_has_to_exist" = 'yes'
dac76a
-	if test "{{{ MOUNT_HAS_TO_EXIST }}}" = 'yes'; then
dac76a
-		assert_mount_point_in_fstab "${{{ MOUNTPOINT }}}" || { echo "Not remediating, because there is no record of ${{{ MOUNTPOINT }}} in /etc/fstab" >&2; return 1; }
dac76a
-	fi
dac76a
-
dac76a
-	ensure_mount_option_in_fstab "${{{ MOUNTPOINT }}}" "{{{ MOUNTOPTION }}}" "{{{ FILESYSTEM }}}" "{{{ TYPE }}}"
dac76a
-
dac76a
-	ensure_partition_is_mounted "${{{ MOUNTPOINT }}}"
dac76a
-}
dac76a
-
dac76a
-perform_remediation
dac76a
+if grep -q $device_regex /etc/fstab ; then
dac76a
+    previous_opts=$(grep $device_regex /etc/fstab | awk '{print $4}')
dac76a
+    sed -i "s|\($device_regex.*$previous_opts\)|\1,$mount_option|" /etc/fstab
dac76a
+else
dac76a
+    echo "Not remediating, because there is no record of $var_removable_partition in /etc/fstab" >&2
dac76a
+    return 1
dac76a
+fi
dac76a
diff --git a/shared/templates/template_OVAL_mount_option_removable_partitions b/shared/templates/template_OVAL_mount_option_removable_partitions
dac76a
index 8b1987fbb5..4304c175e1 100644
dac76a
--- a/shared/templates/template_OVAL_mount_option_removable_partitions
dac76a
+++ b/shared/templates/template_OVAL_mount_option_removable_partitions
dac76a
@@ -1,39 +1,31 @@
dac76a
 <def-group>
dac76a
-  <definition class="compliance" id="mount_option_{{{ MOUNTOPTION }}}_removable_partitions" version="4">
dac76a
+  <definition class="compliance" id="mount_option_{{{ MOUNTOPTION }}}_removable_partitions" version="5">
dac76a
     <metadata>
dac76a
       <title>Add {{{ MOUNTOPTION }}} Option to Removable Media Partitions</title>
dac76a
       {{{- oval_affected(products) }}}
dac76a
       <description>The {{{ MOUNTOPTION }}} option should be enabled for all removable devices mounts in /etc/fstab.</description>
dac76a
     </metadata>
dac76a
     <criteria operator="OR">
dac76a
-      
dac76a
+      
dac76a
            since there's no device to check against -->
dac76a
       
dac76a
       definition_ref="removable_partition_doesnt_exist" />
dac76a
       
dac76a
-           names in /etc/fstab & runtime configuration are configured with '{{{ MOUNTOPTION }}}' option -->
dac76a
+           names in /etc/fstab are configured with '{{{ MOUNTOPTION }}}' option -->
dac76a
       <criteria operator="AND">
dac76a
         
dac76a
         definition_ref="var_removable_partition_is_cd_dvd_drive" />
dac76a
         <criteria operator="OR">
dac76a
-          <criteria operator="AND">
dac76a
-            
dac76a
+          
dac76a
             comment="Check if at least one from CD/DVD drive alternative names is using '{{{ MOUNTOPTION }}}' mount option in /etc/fstab" />
dac76a
-            
dac76a
-            comment="Check if at least one from CD/DVD drive alternative names is using '{{{ MOUNTOPTION }}}' mount option in runtime configuration" />
dac76a
-          </criteria>
dac76a
           
dac76a
           comment="Check if CD/DVD drive is not configured to automount in /etc/fstab" />
dac76a
         </criteria>
dac76a
       </criteria>
dac76a
       
dac76a
-           /etc/fstab & runtime configuration -->
dac76a
-      <criteria operator="AND">
dac76a
-        
dac76a
+           /etc/fstab -->
dac76a
+      
dac76a
         comment="Check if removable partition is using '{{{ MOUNTOPTION }}}' mount option in /etc/fstab" />
dac76a
-        
dac76a
-        comment="Check if removable partition is using '{{{ MOUNTOPTION }}}' mount option in runtime configuration" />
dac76a
-      </criteria>
dac76a
     </criteria>
dac76a
   </definition>
dac76a
 
dac76a
@@ -58,7 +50,7 @@
dac76a
   </local_variable>
dac76a
 
dac76a
   
dac76a
-       names to check /etc/fstab & runtime settings -->
dac76a
+       names to check /etc/fstab -->
dac76a
   <ind:textfilecontent54_test id="test_{{{ MOUNTOPTION }}}_etc_fstab_cd_dvd_drive" check_existence="any_exist" check="all" comment="'{{{ MOUNTOPTION }}}' mount option used for at least one CD / DVD drive alternative names in /etc/fstab" version="1">
dac76a
     <ind:object object_ref="object_{{{ MOUNTOPTION }}}_etc_fstab_cd_dvd_drive" />
dac76a
     <ind:state state_ref="state_{{{ MOUNTOPTION }}}_etc_fstab_cd_dvd_drive" />
dac76a
@@ -74,27 +66,8 @@
dac76a
     <ind:subexpression operation="pattern match" datatype="string">^.*,?{{{ MOUNTOPTION }}},?.*$</ind:subexpression>
dac76a
   </ind:textfilecontent54_state>
dac76a
 
dac76a
-  <linux:partition_test id="test_{{{ MOUNTOPTION }}}_runtime_cd_dvd_drive" check="all" comment="'{{{ MOUNTOPTION }}}' mount option used for at least one CD / DVD drive alternative names in runtime configuration" version="1">
dac76a
-    <linux:object object_ref="object_{{{ MOUNTOPTION }}}_runtime_cd_dvd_drive" />
dac76a
-  </linux:partition_test>
dac76a
-
dac76a
-  <linux:partition_object id="object_{{{ MOUNTOPTION }}}_runtime_cd_dvd_drive" version="1">
dac76a
-    
dac76a
-         => Capture all & filter out only the relevant ones via the corresponding state -->
dac76a
-    <linux:mount_point operation="pattern match">^.*$</linux:mount_point>
dac76a
-    
dac76a
-         device set to some CD / DVD drive alternative name and simultaneously
dac76a
-         having '{{{ MOUNTOPTION }}}' mount option used -->
dac76a
-    <filter action="include">state_{{{ MOUNTOPTION }}}_runtime_cd_dvd_drive</filter>
dac76a
-  </linux:partition_object>
dac76a
-
dac76a
-  <linux:partition_state id="state_{{{ MOUNTOPTION }}}_runtime_cd_dvd_drive" version="1">
dac76a
-    <linux:device datatype="string" operation="equals" var_ref="variable_cd_dvd_drive_alternative_names_{{{ MOUNTOPTION }}}" var_check="at least one" />
dac76a
-    <linux:mount_options datatype="string" entity_check="at least one" operation="equals">{{{ MOUNTOPTION }}}</linux:mount_options>
dac76a
-  </linux:partition_state>
dac76a
-
dac76a
   
dac76a
-       Check if configured with '{{{ MOUNTOPTION }}}' mount option in both /etc/fstab & runtime configuration -->
dac76a
+       Check if configured with '{{{ MOUNTOPTION }}}' mount option in both /etc/fstab -->
dac76a
   <ind:textfilecontent54_test id="test_{{{ MOUNTOPTION }}}_etc_fstab_not_cd_dvd_drive" check="at least one" check_existence="all_exist" comment="Check if removable partition is configured with '{{{ MOUNTOPTION }}}' mount option in /etc/fstab" version="1">
dac76a
     <ind:object object_ref="object_{{{ MOUNTOPTION }}}_etc_fstab_not_cd_dvd_drive" />
dac76a
     <ind:state state_ref="state_{{{ MOUNTOPTION }}}_etc_fstab_not_cd_dvd_drive" />
dac76a
@@ -121,25 +94,6 @@
dac76a
     <ind:subexpression operation="pattern match" datatype="string">^.*,?{{{ MOUNTOPTION }}},?.*</ind:subexpression>
dac76a
   </ind:textfilecontent54_state>
dac76a
 
dac76a
-  <linux:partition_test id="test_{{{ MOUNTOPTION }}}_runtime_not_cd_dvd_drive" check="all" check_existence="all_exist" comment="'{{{ MOUNTOPTION }}}' mount option used for removable partition in runtime configuration" version="1">
dac76a
-    <linux:object object_ref="object_{{{ MOUNTOPTION }}}_runtime_not_cd_dvd_drive" />
dac76a
-  </linux:partition_test>
dac76a
-
dac76a
-  <linux:partition_object id="object_{{{ MOUNTOPTION }}}_runtime_not_cd_dvd_drive" version="1">
dac76a
-    
dac76a
-         exact name ahead => Capture all & filter out only those relevant later via state -->
dac76a
-    <linux:mount_point operation="pattern match">^.*$</linux:mount_point>
dac76a
-    
dac76a
-         to 'var_removable_partition' variable value and simultaneously having
dac76a
-         '{{{ MOUNTOPTION }}}' mount option set -->
dac76a
-    <filter action="include">state_{{{ MOUNTOPTION }}}_runtime_not_cd_dvd_drive</filter>
dac76a
-  </linux:partition_object>
dac76a
-
dac76a
-  <linux:partition_state id="state_{{{ MOUNTOPTION }}}_runtime_not_cd_dvd_drive" version="1">
dac76a
-    <linux:device datatype="string" operation="equals" var_ref="var_removable_partition" var_check="at least one" />
dac76a
-    <linux:mount_options datatype="string" entity_check="at least one" operation="equals">{{{ MOUNTOPTION }}}</linux:mount_options>
dac76a
-  </linux:partition_state>
dac76a
-
dac76a
   <external_variable comment="removable partition" datatype="string" id="var_removable_partition" version="1" />
dac76a
 
dac76a
 </def-group>
dac76a
diff --git a/ssg/templates.py b/ssg/templates.py
dac76a
index e5ed4890b4..d0af1b19da 100644
dac76a
--- a/ssg/templates.py
dac76a
+++ b/ssg/templates.py
dac76a
@@ -237,7 +237,7 @@ def mount_option_remote_filesystems(data, lang):
dac76a
 
dac76a
 @template(["anaconda", "ansible", "bash", "oval"])
dac76a
 def mount_option_removable_partitions(data, lang):
dac76a
-    return _mount_option(data, lang)
dac76a
+    return data
dac76a
 
dac76a
 
dac76a
 @template(["anaconda", "ansible", "bash", "oval", "puppet"])